"user" field should be optional

[z1haze]

I think it makes sense that the types be updated to make the user field optional, provided getUser is only required for password grants, according to the docs. In our use case in particular, we do not have any user data, any use anonymous authorization, simply because our apis behind the scenes require authorization, even for guests.

[jankapunkt]

@z1haze thanks for introducing this topic. From my perspective this is an interesting input as I will also have to work on a similar use case very soon.

However, I first have to check on two things:

• will this be compliant with the standard
• will it be non-breaking

[z1haze]

Cool, thanks for your consideration. I don't think that user is any requirement of the oauth2 spec. There may be some loose couplings with oidc, but this project doesnt advertise as oidc compliant, and it doesn't provide any methods to fetch the user for use in the getUserInfo call, anyway